c10c9b286cbf4cf3b6701f6149ad5f41_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c10c9b286cbf4cf3b6701f6149ad5f41_JaffaCakes118
Size

164KB
MD5

c10c9b286cbf4cf3b6701f6149ad5f41
SHA1

d1ce64c951b2b34e9898dc0165f4739dd2b50149
SHA256

443e71d91831b254c024b90e7906c906bda2b353ae584a109ab50b9749c3b604
SHA512

bf8acf0020ac3dffbd33ef36a3e24c7838e2bc83f54605dd5bc42bd1dda09b992b49fe1f2213e693e081a67a6ab1b58f7e6f6380598032dfa8a053212322fd50
SSDEEP

1536:PQoCtrPFES5hBEKyw3qzsfhfFlT2ZOcmFa3hd+g/:PytrlBREwZN8OcIaR3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c10c9b286cbf4cf3b6701f6149ad5f41_JaffaCakes118
unpack001/out.upx

Files

c10c9b286cbf4cf3b6701f6149ad5f41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ